[WEB SECURITY] RE: Defeating nonce/token based CSRF protection
Jeroen van Dongen
jeroen at jkwadraat.net
Fri Apr 18 14:28:42 EDT 2008
Thanks all for the answers -
Mike Duncan summarised it nicely I guess:
"...and we are answering: Yes, this is possible but security in depth is
the best defense against this."
Thanks again,
Jeroen
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
More information about the websecurity
mailing list